35 matches found
CVE-2002-0593
CVE-2002-0593: A buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier can be triggered by a long channel name in an IRC URI, allowing remote DoS and possibly arbitrary code execution. Affected software is Netscape 6 and Mozilla 1.0 RC1 and earlier; the underlying issue is a buffer overfl...
CVE-2000-1187
CVE-2000-1187 involves a buffer overflow in the HTML parser of Netscape 4.75 and earlier. The vulnerability allows remote attackers to execute arbitrary commands by supplying a long password value in a form field. The available documents explicitly describe the affected component (HTML parser), t...
CVE-1999-0031
The CVE-1999-0031 issue affects legacy browsers: Internet Explorer 3.x–4.x and Netscape 2.x–4.x . The vulnerability description states that JavaScript in these browsers allows remote attackers to monitor a user’s web activities (the Bell Labs vulnerability). The connected sources confirm the affe...
CVE-1999-0440
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-1999-0685
CVE-1999-0685 describes a buffer overflow in Netscape Communicator triggered by EMBED tags in the pluginspage option. The affected product is Netscape Communicator; the vulnerability concerns the plugin-related EMBED handling path, with the root cause identified as a buffer overflow. Practical im...
CVE-2000-0517
Netscape Navigator (4.73 and earlier) may omit warnings or mis-handle cert state if a user previously accepted a non-matching certificate, enabling a DNS-compromise scenario to spoof a legitimate site. Root cause: certificate name mismatch is not revalidated within the same session after a warnin...
CVE-1999-0174
Consolidated: CVE-1999-0174 is a traversal flaw in the view_source CGI that allows remote attackers to read arbitrary files via a .. sequence. Affected component: the view_source CGI program; root cause: directory traversal; impact: partial confidentiality. No patch/version details are provided i...
CVE-1999-0424
The CVE-1999-0424 entry concerns Netscape 4.5’s talkback feature, allowing a local user to overwrite arbitrary files of another user when Netscape crashes. Affected software: Netscape 4.5; Vulnerable component/behavior: talkback causing local file overwrite after crash. Impact: partial confidenti...
CVE-1999-0762
The CVE-1999-0762 issue involves Netscape Communicator where JavaScript embedded in the TITLE tag can cause the browser to leak information via the about protocol, enabling a remote attacker to access browser information. The description and connected records consistently describe this vulnerabil...
CVE-2000-0655
CVE-2000-0655 affects Netscape Communicator 4.73 and earlier. The vulnerability allows remote attackers to cause a denial of service or execute arbitrary commands through a JPEG image containing a comment with an illegal field length of 1. The connected documents corroborate the affected software...
CVE-2000-0711
Vulnerability summary (CVE-2000-0711) : Netscape Communicator fails to prevent a ServerSocket object from being created by untrusted entities, enabling a remote attacker to start a server on the victim’s system via a malicious applet (as demonstrated by Brown Orifice). The underlying issue is a f...
CVE-1999-1189
The CVE-1999-1189 issue affects Netscape Navigator/Communicator 4.7 on Windows 95/98. A buffer overflow can be triggered by a long argument after the ? in a URL referencing .asp, .cgi, .html, or .pl, allowing remote denial of service and potentially arbitrary command execution. No remediation det...
CVE-2000-0034
Netscape 4.7 is affected by CVE-2000-0034: during IMAP/POP sessions, the application records user passwords in the preferences.js file even when “remember passwords” is not enabled. Root cause is password storage in preferences.js, as documented in PT-1999-1842 and echoed in CVE records. Impact i...
CVE-1999-0425
CVE-1999-0425 affects Netscape 4.5 where the TalkBack feature can be exploited by a local user to kill an arbitrary process of another user when Netscape crashes. The issue is documented across multiple sources (NVD entry, Red Hat advisory, CVE records, and PT-SECURITY report) with the core descr...
CVE-1999-0537
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-1999-0892
Summary (CVE-1999-0892) : The vulnerability affects Netscape Communicator prior to version 4.7, where a buffer overflow can occur when processing a dynamic font whose length field is smaller than the actual font size. The PT-1999-1440 source corroborates Netscape Communicator versions before 4.7 ...
CVE-2002-1766
CVE-2002-1766 concerns Netscape 4.77's Composer component, where a buffer overflow can occur when processing a font tag with a long face attribute. This vulnerability could allow local users to overwrite process memory and execute arbitrary code. The provided documents identify the affected produ...
CVE-1999-0790
CVE-1999-0790 involves Netscape where a remote attacker can read information from a Netscape user’s cache via JavaScript. Affected software: Netscape browser. Root cause: JavaScript access enables reading cached data, resulting in partial confidentiality impact. Exploitation details, affected ver...
CVE-1999-1002
CVE-1999-1002 affects Netscape Navigator: weak encryption used to store a user's Netscape mail password, leading to partial confidentiality impact. The CVSS base score is 5.0 (MEDIUM) with network attack vector and no authentication required; exploitation details are not provided in the linked do...
CVE-1999-1262
Technical details about CVE-1999-1262 are not publicly available in the provided connected documents. Monitor for updates.
CVE-2000-0087
CVE-2000-0087 affects Netscape Communicator’s Mail Notification (nsnotify) utility. The issue arises from using IMAP without SSL even when the user configures SSL for Communicator, enabling a remote attacker to sniff usernames and passwords in plaintext. The description documents the vulnerable c...
CVE-1999-0809
CVE-1999-0809 affects Netscape Communicator 4.x with Javascript enabled, where the browser does not warn users about cookie settings even when the user has selected 'Only accept cookies originating from the same server as the page being viewed'. Relevant connected sources (Red Hat, NVD/NIST, CVE ...
CVE-2002-2013
The CVE-2002-2013 entry affects Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier. The vulnerability arises from a hex-encoded null character (%00) in a link, allowing a remote attacker to steal cookies from another domain. Exploitation details are not provided in the supplied documents, and...
CVE-2002-2338
The CVE-2002-2338 issue affects the POP3 client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier. A remote attacker can trigger a denial of service (no new mail) by sending a mail message containing a dot (.) at a newline, which is treated as the end of the message. The root ...
CVE-2002-1204
CVE-2002-1204 affects Netscape Communicator 4.x. The vulnerability allows an attacker to steal a user’s preferences (e.g., URL history, e‑mail address, and potentially the e‑mail password) by redefining the user_pref() function and reading prefs.js, which is stored in a directory with a predictab...
CVE-2000-0409
CVE-2000-0409 affects Netscape 4.73 and earlier. When importing a new certificate, Netscape follows symlinks, allowing a local user to overwrite files owned by the user importing the certificate. The available documents state the issue and the affected behavior but do not specify exact vulnerable...
CVE-2001-0596
Netscape Communicator prior to 4.77 is affected by CVE-2001-0596: a GIF image whose comment contains Javascript allows remote code execution. The underlying issue is improper handling/escaping of GIF comments, enabling arbitrary Javascript execution via the about: protocol or image viewing contex...
CVE-1999-1226
CVE-1999-1226 affects Netscape Communicator 4.7 and earlier. The vulnerability allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long certificate key. The connected sources do not provide concrete exploit code or in-the-wild details. Affected com...
CVE-1999-1357
CVE-1999-1357 affects Netscape Communicator 4.04–4.7 on UNIX, where 0x8b is mapped to ‘’, enabling cross-site scripting via CGI scripts that fail to filter these characters. The description does not specify affected versions beyond those, nor the root cause beyond character mapping in HTML contex...
CVE-2001-0921
Technical details about CVE-2001-0921 are not publicly provided in the connected documents. The initial description describes a memory-sensitive form-field exposure in Netscape 4.79 on macOS; monitor for updates.
CVE-2002-2284
The CVE-2002-2284 entry concerns Netscape Communicator 4.0–4.79, where an applet loading user-supplied Java classes can bypass the JVM security model and allow remote arbitrary Java code execution. The vulnerability affects the applet/JVM interaction and is exploitable via a remote attacker, as i...
CVE-2002-2308
Technical details (affected products, versions, root cause, impact, or fixes) are not publicly available in the provided connected documents. Monitor for updates.
CVE-2000-0406
The CVE-2000-0406 entry describes: Netscape Communicator before 4.73 and Navigator 4.07 do not properly validate SSL certificates, enabling remote attackers to redirect traffic to a malicious server (Acros-Suencksen SSL) and potentially steal data. No remediation or exploit details are provided i...
CVE-2000-0676
CVE-2000-0676 affects Netscape Communicator/Navigator 4.04–4.74. An unsigned Java applet could read local files (e.g., file://) and connect to remote resources via file/http/https/ftp URLs, enabling data exfiltration via Brown Orifice. Root cause is an implementation error in the JRE bundled with...
CVE-2002-2248
CVE-2002-2248 describes a buffer overflow in the sun.awt.windows.WDefaultFontCharset Java class implementation used by Netscape 4.0. An applet that passes a long string to the WDefaultFontCharset constructor and calls canConvert can trigger the overflow, enabling remote code execution. The NVD en...